CN114650290A - Network connection method, processing device, terminal and storage medium - Google Patents
Network connection method, processing device, terminal and storage medium Download PDFInfo
- Publication number
- CN114650290A CN114650290A CN202011497633.XA CN202011497633A CN114650290A CN 114650290 A CN114650290 A CN 114650290A CN 202011497633 A CN202011497633 A CN 202011497633A CN 114650290 A CN114650290 A CN 114650290A
- Authority
- CN
- China
- Prior art keywords
- address
- network
- overlay
- destination address
- service data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000012545 processing Methods 0.000 title claims abstract description 52
- 230000004048 modification Effects 0.000 claims abstract description 10
- 238000012986 modification Methods 0.000 claims abstract description 10
- 238000004590 computer program Methods 0.000 claims description 12
- 238000010200 validation analysis Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 abstract description 10
- 230000000875 corresponding effect Effects 0.000 description 16
- 238000004891 communication Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 7
- 238000006243 chemical reaction Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000009471 action Effects 0.000 description 5
- 230000004083 survival effect Effects 0.000 description 5
- 239000000306 component Substances 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 101000652292 Homo sapiens Serotonin N-acetyltransferase Proteins 0.000 description 2
- 102100030547 Serotonin N-acetyltransferase Human genes 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000011144 upstream manufacturing Methods 0.000 description 2
- 101100513046 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) eth-1 gene Proteins 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011176 pooling Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The disclosure relates to a network connectivity method, a processing device, a terminal and a storage medium. The method comprises the steps of receiving overlay service data; inquiring a flow rule according to a first destination address of overlay service data, and determining a second destination address corresponding to the overlay service data; the first destination address is an overlay network address; the second target address is an underlay network address; modifying a first target address of overlay service data into a second target address; and forwarding the overlay service data after the address modification to an underlay network through a preset virtual network card, wherein the preset virtual network card is a virtual network card which is created based on the overlay service network card and is bound with the OVS bridge. In the whole process, after the overlay service data are not required to be forwarded to the gateway corresponding to the first destination address, the overlay service data are forwarded to the underlay network, and compared with a centralized data processing mode of an SDN gateway, the data processing performance of the OVS can be improved.
Description
Technical Field
The invention relates to the technical field of cloud computing, in particular to a network connection method, a processing device, a terminal and a storage medium.
Background
Currently, with the rapid development of cloud computing, more and more enterprises migrate business systems to private clouds (or public clouds). An overlay network (overlay network) and an underlay network (underlay network) may be included in the cloud computing system. The underlay is a network of the current data center network infrastructure forwarding architecture and belongs to the physical infrastructure layer. overlay is a virtualization technology mode superimposed on a network architecture, and a virtual network (or a logical network) is constructed on an existing physical network (underlay network). By deploying the overlay network, the deep extension of the physical network to the cloud and virtualization is realized, the cloud resource pooling capability can be free from the heavy limitation of the physical network, and the method is the key for realizing the cloud network convergence. When the application is provided, the overlay network needs to be communicated with the underlay network, and the underlay network is used for point-to-point message transmission.
Disclosure of Invention
In view of the above, embodiments of the present disclosure are intended to provide a method, a processing device, a terminal, and a storage medium for network connectivity.
The technical scheme of the disclosure is realized as follows:
in one aspect, the present disclosure provides a method of network connectivity.
The method for network connectivity provided by the embodiment of the present disclosure is applied to an OVS bridge transmitting overlay service, and includes:
receiving overlay service data;
inquiring a flow rule according to a first destination address of the overlay service data, and determining a second destination address corresponding to the overlay service data; wherein the first destination address is an overlay network address; the second target address is an underlay network address;
modifying the first destination address of the overlay service data into the second destination address;
and forwarding the overlay service data after the address modification to an underlay network through a preset virtual network card, wherein the preset virtual network card is a virtual network card which is created based on the overlay service network card and is bound with the OVS bridge.
In some embodiments, the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
In some embodiments, before receiving overlay service data, the method further includes:
setting configuration information in the flow rule according to the overlay service data; the configuration information at least includes:
the second destination address corresponding to the first destination address.
In some embodiments, the configuration information further includes at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
In some embodiments, before receiving overlay service data, the method further includes:
creating the preset virtual network card based on the overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; and the forwarding port is a port connected with the physical network card of the second target address.
In another aspect, the present disclosure provides a network connected processing device. The processing apparatus of network connectivity that this disclosed embodiment provided includes:
the first processing unit is used for receiving overlay service data;
the second processing unit is used for inquiring a flow rule according to the first destination address of the overlay service data and determining a second destination address corresponding to the overlay service data; wherein the first destination address is an overlay network address; the second target address is an underlay network address;
a third processing unit, configured to modify the first destination address of the overlay service data into the second destination address;
and the fourth processing unit is configured to forward the overlay service data after the address modification to an underlay network through a preset virtual network card, where the preset virtual network card is a virtual network card created based on the overlay service network card and bound to the OVS bridge.
In some embodiments, in a processing device where the overlay network and the underlay network are connected,
the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
In some embodiments, further comprising:
a fifth processing unit, configured to set configuration information in the flow rule according to the overlay service data; the configuration information at least includes:
the second destination address corresponding to the first destination address.
In some embodiments, in a processing device in which an overlay network and an underlay network are connected, the configuration information further includes at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
In some embodiments, the fifth processing unit is further configured to create the preset virtual network card based on an overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; the forwarding port is a port connected with the physical network card of the second target address.
In another aspect, the present disclosure also provides a terminal.
The terminal provided by the embodiment of the disclosure comprises: the computer program comprises a processor and a memory, wherein the memory is used for storing a computer program capable of being executed on the processor, and when the processor is used for executing the computer program, the processor is used for executing the steps of the method for communicating the overlay network and the underlay network provided by the embodiment of the disclosure.
In yet another aspect, the present disclosure also provides a computer-readable storage medium.
The computer readable storage medium provided by the embodiments of the present disclosure has a computer program stored thereon, and when being executed by a processor, the computer program implements the steps of the method for communicating an overlay network and an underlay network provided by the embodiments of the present disclosure.
The method comprises the steps that connection between an overlay network and an underlay network is established through a preset virtual network card which is established based on an overlay service network card and is bound with an OVS bridge; inquiring a flow rule through a first destination address of overlay service data, and determining a second destination address corresponding to the overlay service data; modifying the destination address of overlay service data into a second destination address; and forwarding the overlay service data with the modified target address to an underlay network through a preset virtual network card. In the whole process, the first destination address of overlay service data is modified into the second destination address, the overlay service data is forwarded to the underlay network through the preset virtual network card, the overlay service data does not need to be forwarded to the SDN gateway, and compared with a centralized data processing mode of the SDN gateway, the OVS directly transmits the service data in the same underlay network, so that a data transmission path is shortened, the data transmission efficiency is improved, and the load rate of the SDN is reduced.
Drawings
FIG. 1 is a flow diagram illustrating a method of network connectivity in accordance with an exemplary embodiment;
FIG. 2 illustrates system architecture building steps to implement overlay network and underlay network connectivity in accordance with an exemplary embodiment;
FIG. 3 is a schematic diagram of a networking architecture that illustrates enabling overlay network and underlay network connectivity in accordance with an exemplary embodiment;
FIG. 4 is a schematic diagram illustrating a network-connected processing device architecture in accordance with an exemplary embodiment;
fig. 5 is a schematic diagram of a terminal structure shown in accordance with an example embodiment.
Detailed Description
The technical solution of the present invention is further described in detail with reference to the drawings and the specific embodiments of the specification. Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
In the cloud computing service process, the problem that the underlay and the overlay can not be directly communicated with each other can be encountered. For example, in the cloud process of a part of enterprises, the original business is deployed in a physical machine or a container network a (e.g., object storage, MySQL, k8s cluster service, etc.), and the VMB interconnected through a virtual network may be distributed in two POD container groups. And the underslay physical networks of the physical machine where the AB is positioned are intercommunicated. The B service accesses the external service through the overlay network. In a virtual network environment constructed by the OVS, the OVS creates a plurality of bridges to bind different host machine network cards, thereby realizing the requirements of various types of communication services. And the uplink ports of the overlay service are communicated. Taking VXLAN protocol as an example, a VM (virtual machine) communicates data with other cloud services to automatically encapsulate/offload VXLAN information on OVS upstream ports. But is not aware of the user and the VM, the service data under default sends out the information of automatically adding VXLAN through the upper connection port of VXLAN. This may result in the undelay and overlay not being able to directly interwork.
The present disclosure provides a method of network connectivity. FIG. 1 is a flow diagram illustrating a method of network connectivity in accordance with an exemplary embodiment. As shown in fig. 1, the method for network connectivity includes:
and step 13, forwarding the overlay service data after the target address is modified to an underlay network through a preset virtual network card, wherein the preset virtual network card is a virtual network card which is created based on the overlay service network card and is bound with the OVS bridge.
In the present exemplary embodiment, the execution subject is OVS. overlay service data is data of a specific condition, such as a link to access an external specific website. And the source address and the destination address of the modified whole overlay service data correspond to the same underlay network. That is, the first target address and the second target address in the flow rule may be addresses pointing to the same underlay network.
In this exemplary embodiment, the source address of the overlay service data before being modified is a first destination address, and the source address of the overlay service data is modified from the first destination address to the second destination address.
In the present exemplary embodiment, the second target address is an address that routes (forwards) overlay traffic data directly to the underlay network, for example, the second target address is a physical address that is up to the underlay network. The physical address may specifically include: an IP address.
For example, when communication is performed between the physical machines a and B, the ip address of overlay traffic data includes a destination address and a source address. The destination address can be a physical machine B address, and the source address is an overlay network address (a first destination address); when the overlay network is communicated with the underlay network, a source address of overlay service data is modified into a physical machine A address (a second destination address) to serve as a new source address, and communication between the physical machines A and B is achieved.
In the exemplary embodiment, the connection between the overlay network and the underlay network is established through a preset virtual network card which is created based on the overlay service network card and is bound with the OVS bridge; inquiring a flow rule through a first destination address of overlay service data, and determining a second destination address corresponding to the overlay service data; modifying the destination address of overlay service data into a second destination address; and forwarding the overlay service data with the modified target address to an underlay network through a preset virtual network card. In the whole process, the first destination address of overlay service data is modified into the second destination address, the overlay service data is forwarded to the underlay network through the preset virtual network card, the overlay service data does not need to be forwarded to the SDN gateway, and compared with a centralized data processing mode of the SDN gateway, the OVS directly transmits the service data in the same underlay network, so that a data transmission path is shortened, the data transmission efficiency is improved, and the load rate of the SDN is reduced.
In some embodiments, the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
In this exemplary embodiment, the first destination address and the second destination address are both gateway addresses indicating an overlay traffic data flow direction. The first destination address is a virtual gateway address in an overlay network; the second destination address is a physical gateway address in the underlay network. After the destination address of the overlay service data is modified into the second destination address, the OVS can directly forward the overlay service data to the underlay network, and avoid forwarding to the SDN gateway, so that the data processing performance of the OVS is improved.
In this exemplary embodiment, the overlay service data may be an encapsulated packet. When the message is packaged, only tcp, ip and mic of overlay layer are provided. The modification of overlay service data only needs to modify the source address of the overlay layer ip.
In some embodiments, before receiving overlay service data, the method further includes:
setting configuration information in the flow rule according to the overlay service data; the configuration information at least includes:
the second destination address corresponding to the first destination address.
In the present exemplary embodiment, before performing receiving overlay service data, configuration information in the flow rule may be set. And after the overlay service data is received, executing corresponding action according to the configuration information in the flow rule. The configuration information at least comprises a second destination address corresponding to the first destination address, so that the OVS can directly acquire the second destination address in the flow rule, so as to perform forwarding of overlay service data.
In the present exemplary embodiment, the configuration information further includes ethernet protocol type information dl _ type, priority setting information priority.
In this exemplary embodiment, the configuration information further includes a destination address modification and an action performed in a flow rule (table) (e.g., determining a last forwarding port of the packet).
In some embodiments, the configuration information further includes at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
In the present exemplary embodiment, the validation time information may include a timeout time and/or a survival period of the flow rule. The timeout time and the survival period are used to indicate the length of time the flow rule exists in the OVS.
In some embodiments, before receiving overlay service data, the method further includes:
creating the preset virtual network card based on the overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; the forwarding port is a port connected with the physical network card of the second target address.
In the present exemplary embodiment, the preset virtual network card is connected to the OVS kernel module through the forwarding port. And meanwhile, the preset virtual network card is connected with the NIC physical network card. After the preset virtual network card is bound with the OVS bridge, the preset virtual network card and the overlay service network card can share the gateway address of the NIC physical network card. Meanwhile, the OVS kernel module can access the gateway address of the NIC physical network card through a forwarding port of the preset virtual network card. The gateway address of the NIC physical network card corresponds to the second destination address. That is, the forwarding port is a port to which the physical network card of the second destination address is connected.
The method for communicating the overlay network and the underlay network provided by the disclosure is implemented by the following processes:
firstly, establishing a virtual network port through a Linux command;
binding the virtual network port to an OVS bridge which is the same as an overlay export service network port through an OVS-vsctl command;
adding a flow table rule through an ovs-ofctl command (or a controller issues flow table information based on OpenFlow), adding a modified data address action (SNAT/DNAT) in a pipeline flow table, and issuing the flow table to a kernel fast path;
the search query of the flow table and the first packet processing (i.e. establishment of kernel fast path) process of the traffic are provided by OVS native functions.
The core implementation includes two parts:
1) creating and binding a virtual network port, and performing kernel default routing selection and NAT conversion;
2) and configuring a flow control rule through OpenFlow, namely, specifying a characteristic flow forwarding rule.
FIG. 2 is a block diagram illustrating system architecture building steps for implementing overlay network and underlay network connectivity in accordance with an exemplary embodiment. As shown in fig. 2, includes:
Fig. 3 is a schematic diagram of a networking architecture for implementing overlay network and underlay network connectivity according to an example embodiment. As shown in fig. 3, the OVS includes three important components: OVSDB-Server, OVS-vswitchd and OVS kernel module. The function is as follows:
OVSDB-Server: and the database service process of the OVS is used for storing the configuration information (such as bridges, ports and the like) of the virtual switch and providing an OVSDB operation interface for the controller and the OVS-vswitch.
OVS-vswitchd: and the core component of the OVS is responsible for storing and managing all flow tables issued by the controller, providing a flow table query function for a kernel module of the OVS and providing an operation interface of an OpenFlow protocol for the controller.
An OVS kernel module: caching some common flow tables and being responsible for data packet forwarding, when a message which cannot be matched is encountered, the module sends a packet-in request to the OVS-vswitch d to obtain a message processing instruction. The OVS kernel module may implement multiple datapaths, each of which may have multiple vport. Each data path contains a Flow Table.
The OVSDB tool is a command line tool of OVS, and comprises a series of OVS configuration commands, including:
OVS-vsctl: inquiring and updating configuration information of the OVS-vswitchd;
OVS-ofctl: query and control OpenFlow switches and controllers.
V00 is a forwarding port of the preset virtual network card eth1.1, and V00 is a forwarding port of the overlay service network card eth1. v0 and v1 … vn are both virtual machines.
The preset virtual network card creation and configuration information setting comprises the following steps:
1. inquiring external communication network card information of the host computer overlay, and creating a preset virtual network card (/ etc/sysconfnig/network-script/ifcfg-0).
2. After the preset virtual network card is created, a forwarding port (vport, assumed to be numbered v00) is added to ovs through a ovs tool ovs-vsctl. v00 is co-bridged with the overlay traffic egress (using the same egress IP) (ovs-vsctl add-port br-out v 00).
3. The SDN Controller (or OVS-offsctl tool) issues peer underlay service address information or constructs OpenFlow flow rules (or OVS flow rules can be automatically generated according to peer underlay). The service data forwarding egress is designated as v00 (ovs-opposite add-flow-OOpenFlow13 s1"table 10, dl _ dst 00:00:00:00:01, actions 1").
4. And configuring OVS conntrack-based NAT rules, such as: 10.10.10.2 is VM overlay IP; 172.16.1.10 carrying the external IP of overlay service for the host; SNAT, ovs-offset add-flow-OOpenFlow13 s1"table ═ 5, priority ═ 100, dl _ type ═ 0x0800, nw _ src ═ 10.10.10.2, actions ═ mod _ nw _ src ═ 172.16.1.10, goto _ table ═ 10", dna, ovs-ctl add-flow-OOpenFlow13 s1"table ═ 5, priority ═ 100, dl _ type × 0800 x0800, nw _ dst ═ 172.16.1.10actions ═ mod _ nw _ dst ═ 10.10.10.10.2, goto _ table ═ 10.
In the present disclosure, data received by a virtual machine specified in v0 or v1 … vn is forwarded to a specified preset virtual network card through table execution in flow table rule setting. As shown in the figure, the service data received by v0, v1 and v2 are transmitted to v 00. And then forwarded to the NIC via eth 1.1. Wherein, internal is the attribute configuration of eth 1.1. The attribute configuration of eth1.1 may be determined according to the type of the received overlay service data. For example, if an OVS is required to access an external website link, then the attribute configuration of eth1.1 may be internal.
The method for communicating the overlay network and the underlay network provided by the disclosure has the advantages that:
flexibility: the original functions of the OVS are not changed, and data forwarding is realized by adding a virtual network card. The flow rule can be issued through OpenFlow, and the dynamic control can be programmed.
Performance boost and bandwidth saving: because the conversion of the data is realized at an OVS layer, the data is transparent to a VM, and the realization of the flow conversion based on OVS distributed deployment is improved compared with the centralized data processing performance of an SDN gateway (the difference of the actual measurement performance of a virtual environment is about 10%). For overlay service and underlay service belonging to the same AZ (Availability Zone), the physical network is reachable. The method and the device can realize the intercommunication of the east and west flow and avoid the bandwidth occupation caused by the south-north direction of the east and west flow. Nowadays, east and west traffic in the cloud already occupies nearly 80% of DC traffic, and with the rapid development of services (storage, underlay bare metal), the scenarios of interworking between overlay and underlay are more and more, and the bandwidth saving in the north and south directions by the present disclosure is also increasing.
The cost is saved: according to the method and the device, a physical network card of the host machine is not required to be added, the flow is not required to be forwarded through the SDN gateway, and therefore capacity expansion original equipment (a network card and a capacity expansion gateway are added) is not required, and actual investment is not required to be increased. And for a large-scale private cloud scene, the cost is obviously saved.
The present disclosure also provides several methods for implementing data intercommunication between overlay service and underlay service, including:
firstly, the method comprises the following steps: and the host machine is additionally provided with an underlay network card, the intercommunication with the underlay service is realized through OVS, and the virtual machine service B data is sent to the destination terminal A through the local network.
Secondly, the method comprises the following steps: service data is exported to an underlay service through an SDN (software defined network) outlet gateway, data conversion is realized in the SDN gateway through an overlay network (VXLAN, VTEP capability is provided by the OVS and the SDN gateway) between the OVS to which the service B belongs and the SDN gateway, and then the data are sent to a destination terminal A.
Thirdly, the method comprises the following steps: and an SDN gateway (an internal gateway) in the cloud is added to route the service data to the underlay service, the principle is the same as that of 2, and the flow in the cloud is reduced to be converged to an outlet.
Fourthly: the Underlay server A realizes the VTEP function through a technical means, and disguises the Underlay service as overlay.
The above four methods have some problems, including:
the first method described above: in the deployed resource pool use scheme, a host machine network card needs to be added, cost is increased, and meanwhile OVS (SDN) is matched with addition of flow table control and NAT conversion, and additionally, resource pool underlay IP resources are further consumed by newly adding the network card.
The second method described above: routing overlay service flow to an SDN gateway, stripping VXLAN information, performing NAT, and then performing intercommunication with an underlay service, and when the overlay service and the underlay service are in the same AZ (or resource pool) and are in physical two-three layer intercommunication, the way can convert flow (east-west) in the resource pool into outlet flow (south-north). The service features in the cloud are that data interaction in the resource pool occupies nearly 80% of the whole flow, the scheme can forcibly convert a large amount of east and west flows into the north and south directions, the SDN gateway pressure is increased (capacity expansion is needed), the flow in the resource pool flows through the CMNET public network, and the network uncertainty (routing hop count is increased, at least one flow is increased to the gateway) and the potential safety hazard are increased.
The third method described above: the problem that the east-west traffic is converted into the north-south traffic in the second method is solved, the SDN gateway processes service intercommunication data and cross-VPC service of east-west overlay and underlay in cloud (Availability Zone in AZ), capacity expansion is needed on the existing basis, NAT capacity is increased, SDN gateway pressure is increased, and deployment cost is increased.
The fourth method described above: disguising the underlay as overlay, and adding a kernel processing (VTEP) at the A end to realize the conversion of non-perceptual data, but adding virtual overlay information, such as VXLAN, at the A end at the SDN controller side and synchronizing control routing information to the SDN gateway are needed. This way will increase the complexity of the SDN gateway (processing virtual overlay information), and at the same time, need to increase the control information (VXLAN information delivery) of the SDN controller and the a-end physical machine.
The overlay network and underlay network communication method provided by the disclosure fully utilizes the characteristics of high quality, multi-layer virtual switching, support of various Linux virtualization technologies and the like of OVS (open vSwitch). And combining the virtual network card and the cloud network application scene to realize that the specific service data is forwarded through the designated OVS port. And converts the virtual IP (overlay address) into a physical IP (underlay address) by the NAT function, thereby delivering service data through the local network.
In another aspect, the present disclosure provides a network connected processing device. Fig. 4 is a schematic diagram illustrating a network-connected processing device according to an exemplary embodiment. As shown in fig. 4, a processing apparatus for network connectivity provided in an embodiment of the present disclosure includes:
a first processing unit 41, configured to receive overlay service data;
a second processing unit 42, configured to query a flow rule according to the first destination address of the overlay service data, and determine a second destination address corresponding to the overlay service data; wherein the first destination address is an overlay network address; the second target address is an underlay network address;
a third processing unit 43, configured to modify the first destination address of the overlay service data into the second target;
and a fourth processing unit 44, configured to forward the overlay service data after the address modification to an underlay network through a preset virtual network card, where the preset virtual network card is a virtual network card that is created based on the overlay service network card and is bound to the OVS bridge.
In the present exemplary embodiment, the execution subject is OVS. overlay service data is data of a specific condition, such as a link to access an external specific website. And the source address and the destination address of the modified whole overlay service data correspond to the underlay network.
In this exemplary embodiment, the source address before the overlay service data is modified is a first destination address, and the source address of the overlay service data is modified from the first destination address to the second destination address.
In the present exemplary embodiment, the second target address is an address that routes (forwards) overlay traffic data directly to the underlay network, for example, the second target address is a physical address that is up to the underlay network. The physical address may specifically include: an IP address.
For example, when communication is performed between the physical machines a and B, the ip address of overlay traffic data includes a destination address and a source address. The destination address can be a physical machine B address, and the source address is an overlay network address (a first destination address); when the overlay network is communicated with the underlay network, a source address of overlay service data is modified into a physical machine A address (a second destination address) to serve as a new source address, and communication between the physical machines A and B is achieved.
In the exemplary embodiment, the connection between the overlay network and the underlay network is established through a preset virtual network card which is created based on the overlay service network card and is bound with the OVS bridge; inquiring a flow rule through a first destination address of overlay service data, and determining a second destination address corresponding to the overlay service data; modifying the destination address of overlay service data into a second destination address; and forwarding the overlay service data with the modified target address to an underlay network through a preset virtual network card. In the whole process, the first destination address of overlay service data is modified into the second destination address, the overlay service data is forwarded to the underlay network through the preset virtual network card, the overlay service data does not need to be forwarded to the SDN gateway, and compared with a centralized data processing mode of the SDN gateway, the OVS directly transmits the service data in the same underlay network, so that a data transmission path is shortened, the data transmission efficiency is improved, and the load rate of the SDN is reduced.
In some embodiments, in a processing device where the overlay network and the underlay network are connected,
the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
In this exemplary embodiment, the first destination address and the second destination address are both gateway addresses indicating a flow direction of overlay traffic data. The first destination address is a virtual gateway address in an overlay network; the second destination address is a physical gateway address in the underlay network. After the destination address of the overlay service data is modified into the second destination address, the OVS can directly forward the overlay service data to the underlay network, and forwarding to the SDN gateway is avoided, so that the data processing performance of the OVS is improved.
In this exemplary embodiment, the overlay service data may be an encapsulated packet. When the message is packaged, only tcp, ip and mic of overlay layer are provided. The modification of overlay service data only needs to modify the source address of the overlay layer ip.
In some embodiments, as shown in fig. 4, the processing device in which the overlay network and the underlay network are connected further includes:
a fifth processing unit 45, configured to set configuration information in the flow rule according to the overlay service data; the configuration information at least includes:
the second destination address corresponding to the first destination address.
In the present exemplary embodiment, before performing receiving overlay service data, configuration information in the flow rule may be set. And after the overlay service data is received, executing corresponding action according to the configuration information in the flow rule. The configuration information at least comprises a second destination address corresponding to the first destination address, so that the OVS can directly acquire the second destination address in the flow rule, and the overlay service data can be conveniently forwarded.
In the present exemplary embodiment, the configuration information further includes ethernet protocol type information dl _ type, priority setting information priority.
In this exemplary embodiment, the configuration information further includes destination address modification and an action performed in the table (for example, determining a last forwarding port of the packet).
In some embodiments, in a processing device in which an overlay network and an underlay network are connected, the configuration information further includes at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
In the present exemplary embodiment, the validation time information may include a timeout time and/or a survival period of the flow rule. The timeout time and the survival period are used to indicate the length of time the flow rule exists in the OVS. In some embodiments, the fifth processing unit is further configured to create the preset virtual network card based on an overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; and the forwarding port is a port connected with the physical network card of the second target address.
In the present exemplary embodiment, the preset virtual network card is connected to the OVS kernel module through the forwarding port. And meanwhile, the preset virtual network card is connected with the NIC physical network card. After the preset virtual network card is bound with the OVS bridge, the preset virtual network card and the overlay service network card can share the gateway address of the NIC physical network card. Meanwhile, the OVS kernel module can access the gateway address of the NIC physical network card through a forwarding port of the preset virtual network card. The gateway address of the NIC physical network card corresponds to the second destination address. That is, the forwarding port is a port to which the physical network card of the second destination address is connected.
The present disclosure also provides a terminal. Fig. 5 is a schematic diagram of a terminal structure shown in accordance with an example embodiment. As shown in fig. 5, a terminal provided in the embodiment of the present disclosure includes: a processor 530 and a memory 520 for storing a computer program capable of running on the processor, wherein the processor 530 is configured to execute the steps of the method provided by the above embodiments when the computer program runs.
The present disclosure also provides a computer-readable storage medium. The computer readable storage medium provided by the embodiments of the present disclosure has a computer program stored thereon, and the computer program realizes the steps of the method provided by the above embodiments when being executed by a processor.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
In some cases, any two of the above technical features may be combined into a new method solution without conflict.
In some cases, any two of the above technical features may be combined into a new device solution without conflict.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media capable of storing program codes, such as a removable Memory device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, and an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (12)
1. A method for network connectivity is applied to an OVS bridge for transmitting overlay service, and comprises the following steps:
receiving overlay service data;
inquiring a flow rule according to a first destination address of the overlay service data, and determining a second destination address corresponding to the overlay service data; wherein the first destination address is an overlay network address; the second target address is an underlay network address;
modifying the first destination address of the overlay service data into the second destination address;
and forwarding the overlay service data after the address modification to an underlay network through a preset virtual network card, wherein the preset virtual network card is a virtual network card which is created based on the overlay service network card and is bound with the OVS bridge.
2. The method of network connectivity according to claim 1, wherein the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
3. The method of network connectivity according to claim 1, wherein before receiving overlay traffic data, the method further comprises:
setting configuration information in the flow rule according to the overlay service data; the configuration information at least comprises:
the second destination address corresponding to the first destination address.
4. The method of network connectivity according to claim 3, wherein the configuration information further comprises at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
5. The method for network connectivity according to claim 1, wherein before receiving overlay service data, the method further comprises:
creating the preset virtual network card based on the overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; and the forwarding port is a port connected with the physical network card of the second target address.
6. A processing device for network connectivity is applied to an OVS bridge for transmitting overlay service, and comprises:
the first processing unit is used for receiving overlay service data;
the second processing unit is used for inquiring a flow rule according to the first destination address of the overlay service data and determining a second destination address corresponding to the overlay service data; wherein the first destination address is an overlay network address; the second target address is an underlay network address;
a third processing unit, configured to modify the first destination address of the overlay service data into the second destination address;
and the fourth processing unit is configured to forward the overlay service data after the address modification to an underlay network through a preset virtual network card, where the preset virtual network card is a virtual network card created based on the overlay service network card and bound to the OVS bridge.
7. The network connected processing device of claim 6,
the first destination address is: a virtual gateway address in the overlay network;
the second target address is: a physical gateway address in the underlay network;
the first destination address and the second destination address are both: and indicating the gateway address of the overlay service data flow direction.
8. The apparatus for processing network connectivity according to claim 6, further comprising:
a fifth processing unit, configured to set configuration information in the flow rule according to the overlay service data; the configuration information at least includes:
the second destination address corresponding to the first destination address.
9. The apparatus for processing network connectivity according to claim 8, wherein the configuration information further comprises at least:
the time of validity of the flow rule;
the validation time information is used for indicating the existence time length of the flow rule in the OVS.
10. The processing device of network connectivity according to claim 8, wherein the fifth processing unit is further configured to create the preset virtual network card based on an overlay service network card;
setting a forwarding port for matching the preset virtual network card; and
binding the preset virtual network card with the OVS bridge; the forwarding port is a port connected with the physical network card of the second target address.
11. A terminal, comprising: a processor and a memory for storing a computer program operable on the processor, wherein the processor is operable to perform the steps of the method of claims 1 to 5 when executing the computer program.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011497633.XA CN114650290A (en) | 2020-12-17 | 2020-12-17 | Network connection method, processing device, terminal and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011497633.XA CN114650290A (en) | 2020-12-17 | 2020-12-17 | Network connection method, processing device, terminal and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114650290A true CN114650290A (en) | 2022-06-21 |
Family
ID=81990158
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011497633.XA Pending CN114650290A (en) | 2020-12-17 | 2020-12-17 | Network connection method, processing device, terminal and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114650290A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150224A (en) * | 2022-06-29 | 2022-10-04 | 济南浪潮数据技术有限公司 | Inter-cluster network two-layer communication method, device, equipment and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101986666A (en) * | 2010-11-05 | 2011-03-16 | 清华大学 | Network data transmission method based on virtual network interface and reverse address resolution |
| CN103067242A (en) * | 2012-12-04 | 2013-04-24 | 中国电信股份有限公司云计算分公司 | Virtual machine system used for providing network service |
| CN103685608A (en) * | 2013-12-24 | 2014-03-26 | 北京启明星辰信息技术股份有限公司 | Method and device for automatically configuring IP (Internet Protocol) address of security virtual machine |
| CN107959654A (en) * | 2016-10-14 | 2018-04-24 | 北京金山云网络技术有限公司 | A kind of data transmission method, device and mixing cloud system |
| US20190173888A1 (en) * | 2016-08-09 | 2019-06-06 | Huawei Technologies Co., Ltd. | Method for virtual machine to access physical server in cloud computing system, apparatus, and system |
| US20200127963A1 (en) * | 2018-10-17 | 2020-04-23 | ColorTokens, Inc. | Establishing connection between different overlay networks using edge application gateway |
| CN111130975A (en) * | 2018-11-01 | 2020-05-08 | 深信服科技股份有限公司 | Hybrid cloud network intercommunication system and method |
| CN111711557A (en) * | 2020-08-18 | 2020-09-25 | 北京赛宁网安科技有限公司 | Remote access system and method for network target range users |
| CN111800340A (en) * | 2020-06-05 | 2020-10-20 | 北京京东尚科信息技术有限公司 | Data packet forwarding method and device |
-
2020
- 2020-12-17 CN CN202011497633.XA patent/CN114650290A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101986666A (en) * | 2010-11-05 | 2011-03-16 | 清华大学 | Network data transmission method based on virtual network interface and reverse address resolution |
| CN103067242A (en) * | 2012-12-04 | 2013-04-24 | 中国电信股份有限公司云计算分公司 | Virtual machine system used for providing network service |
| CN103685608A (en) * | 2013-12-24 | 2014-03-26 | 北京启明星辰信息技术股份有限公司 | Method and device for automatically configuring IP (Internet Protocol) address of security virtual machine |
| US20190173888A1 (en) * | 2016-08-09 | 2019-06-06 | Huawei Technologies Co., Ltd. | Method for virtual machine to access physical server in cloud computing system, apparatus, and system |
| CN107959654A (en) * | 2016-10-14 | 2018-04-24 | 北京金山云网络技术有限公司 | A kind of data transmission method, device and mixing cloud system |
| US20200127963A1 (en) * | 2018-10-17 | 2020-04-23 | ColorTokens, Inc. | Establishing connection between different overlay networks using edge application gateway |
| CN111130975A (en) * | 2018-11-01 | 2020-05-08 | 深信服科技股份有限公司 | Hybrid cloud network intercommunication system and method |
| CN111800340A (en) * | 2020-06-05 | 2020-10-20 | 北京京东尚科信息技术有限公司 | Data packet forwarding method and device |
| CN111711557A (en) * | 2020-08-18 | 2020-09-25 | 北京赛宁网安科技有限公司 | Remote access system and method for network target range users |
Non-Patent Citations (1)
| Title |
|---|
| 李刚;: "基于NSX的高校数据中心网络虚拟化应用", 网络安全技术与应用, no. 10 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150224A (en) * | 2022-06-29 | 2022-10-04 | 济南浪潮数据技术有限公司 | Inter-cluster network two-layer communication method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111885075B (en) | Container communication method, device, network equipment and storage medium | |
| US11563669B2 (en) | Method for implementing network virtualization and related apparatus and communications system | |
| CN108293022B (en) | Method, device and system for transmitting message | |
| CN106656719B (en) | Inter-cloud communication method and related equipment, inter-cloud communication configuration method and related equipment | |
| WO2016034014A1 (en) | Gateway control method, device and system based on virtual machine migration | |
| CN111224821B (en) | Security service deployment system, method and device | |
| CN111917649B (en) | Virtual private cloud communication and configuration method and related device | |
| CN106533890B (en) | Message processing method, device and system | |
| CN107547439B (en) | Network flow control method and computing node | |
| CN102780601A (en) | Method and system of virtual managed network | |
| CN104780088A (en) | Service message transmission method and equipment | |
| CN110213148B (en) | Data transmission method, system and device | |
| CN107733795B (en) | Ethernet virtual private network EVPN and public network intercommunication method and device | |
| CN106953848B (en) | Software defined network implementation method based on ForCES | |
| CN111698346B (en) | Private network address conversion method and device, private network gateway and storage medium | |
| CN108322391B (en) | Data transmission method based on flow table | |
| CN111193773A (en) | Load balancing method, device, equipment and storage medium | |
| CN105227454A (en) | Virtual flow-line system and method | |
| WO2023165137A1 (en) | Cross-cluster network communication system and method | |
| CN108574613B (en) | Two-layer intercommunication method and device for SDN data center | |
| CN109688241B (en) | IPv4/IPv6 dual-stack conversion method and system based on SDN | |
| CN111556110A (en) | Automatic adaptation method for different physical service networks of private cloud system | |
| CN111416723A (en) | Equipment management method and related equipment | |
| CN110324244B (en) | Routing method based on Linux virtual server and server | |
| JP2019519146A (en) | Routing establishment, packet transmission |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |